• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL

Common Security Terms

Common Security Terms

Absolute security

State in which a system can be called secure regardless of its exposure. Thought to be an impossible state for any system that is useful and being used. Certainly it is impractical.

Acceptable risk

Level of risk allowed or accepted by the owner of the item or data at risk.

Access Control

Process by which access to items is granted or denied to requestors.

Access Control Lists (ACLs)

Lists of entries showing who does or does not have access to an item.

Application layer filtering

Process of looking at application communications and allowing them (or not allowing them) through a network, based on what application is talking.

Audit log

Location where events are recorded for later review.

Authenticated Users Group

Post-SP3 group in Windows NT that represents any user who has a valid security token from a trusted domain. (Post-SP3 means this group was introduced in Service Pack 3 of Windows NT 4.0 and will not be found on earlier versions of Windows.)


Determining who a user is through a trusted mechanism or from a trusted source.

Back door

Undocumented way to gain access to a program, some data, or an entire computer system.

Back Orifice (BO)

Trojan-horse program that can be used to take control of a computer system.

Backing store

Temporary storage place for data. The pagefile is an example of a backing store.

Border control

Act of controlling network traffic at places where the internal network meets the Internet.


Application that lets you move about the Web, “browsing” pages.

Cable modem

Form of always-on Internet access.


Person or program accessing your system in an attempt to collect specific information.


Small bit of data—a simple name/data pair—that is written to the client system.


How damaging it would be if a risk did happen to your system.


Using a hack or exploit to infiltrate computer systems that do not belong to you.


Someone trying to access your computer system without your permission. Crackers usually know they are breaking into a system.

Critical data

Data you believe you must be able to recover or protect.


Key sequence used to initiate logon for Windows NT. This set of keys was selected because it is considered a reserved sequence for logons and system resets.

Denial of Service (DoS)

Causing a condition in which a computer system can no longer respond to valid network requests or communication.

Deny All, Grant Explicit

Security philosophy of denying all access to a system and then granting access only to specific things for specific reasons. (Opposite of Grant All, Deny Explicit.)

Digital Subscriber Line (DSL)

Form of always-on Internet access.

Discretionary or User-Defined ACL (DACL)

Access Control List applied by a user or Administrator to control access to user-created or sensitive data.


Collection of computers, printers, and such that share data with each other.

Domain Controller Account Database

Place where Windows NT stores user accounts. Also known as Security Accounts Database.

Domain Naming System (DNS)

Used by Internet to resolve IP addresses to names and back again.

Domain users

Built-in group in Windows NT (when using a domain) that contains all valid users of the domain.

Drive or drive partition

Physical hard drive or portion of a hard drive used to store data.

Dynamic Data Exchange (DDE)

Form of data exchange used in older versions of Windows; still supported in some versions of Windows.

Dynamic Shared Data Manager (DSDM)

Service used by network DDE to manage shared data.


Selling things over the Internet.


Mathematically changing data so it can be read by the intended receiver but not by anyone else.


Code or techniques used to crack computer systems. Also called “sploits.”


How likely it is that a risk will happen.

File Transfer Protocol (FTP)

Set of rules and an application for transferring files across the Internet.


Usually a combination of hardware and software for controlling access to a network. Can be hardware, software, or a combination of both.

Grant All, Deny Explicit

Security philosophy of granting access to everything and then removing access rights from specific things that need to be controlled. (Opposite of Deny All, Grant Explicit.)


Collection of users who have some similarities.


Clever or creative use of computer code to solve a problem.


Someone who is exploring someone else’s computer for curiosity’s sake.


Patch to an operating system, usually to fix a bug that is causing errors.


Connection from a document to related material located somewhere else.

Hypertext Markup Language (HTML)

Set of rules about formatting documents for use with hyperlinks. Predominant language for writing Web pages for static content.

Hypertext Transfer Protocol (HTTP)

Protocol used by the World Wide Web most of the time.

Identity theft

Act of assuming someone’s identity without their knowledge.

Important data

Data you want to protect, but is not critical. Data that would be hard or time-consuming to replace.

Integrated Services Digital Network (ISDN)

Form of always-on Internet connection that includes phone service.

Internet (net)

Series of interconnected networks that supports multiple protocols

Internet Engineering Task Force (IETF)

Group of people responsible for writing Internet specifications and working on plans for the future of the Internet.

Internet Mail Access Protocol (IMAP)

Newer Internet protocol for exchanging e-mail messages.

Internet Service Provider (ISP)

Company that provides access to the Internet.

IP Security (IPSec)

Process of securing the connection used on the network via TCP/IP, usually by encrypting data before sending it across the network.


Scripting language commonly used in Web programming.

Local Security Authority (LSA)

Part of Windows NT or 2000 system that does the actual authentication.

Master Boot Record (MBR)

Part of disk drive that contains information about how to boot up the operating system. Often used by viruses to hide in or infect systems.


Factors that can reduce or eliminate risk.


Putting two or more network cards in a computer so it can talk to more than one network.

Network Address Translation (NAT)

Changing the source address so people on the Internet can’t see the real address of your system.

Network Interface Card (NIC)

Hardware that translates the digital signals in your computer to physical signals that can be carried by wiring.


Hiding information or methods of accessing information so they are not obvious to users or intruders.

Open Systems Interconnection (OSI) Model

Framework for computer system communication allowing everyone to work from the same basic model.

Other data

Category for all data left after applying other categories. Not important enough to classify or known to be not worth protecting or saving.

See also [Critical data ]
See also [Important data ]
See also [Replaceable data ]

Packet filtering

Allowing or denying certain types of packets to travel through your network.


Parts of data that have been broken up to allow sending across a network.


Place on your hard drive that holds data from RAM temporarily while space is needed for higher priority tasks.


Manipulating phone systems to get free calls, make conference calls, or otherwise get services not normally offered.

Physical security

Securing your computer from physical access.

Platform for Privacy Preferences Project (P3P)

W3C system that lets users define what data companies can get from them on the Internet and how the companies are allowed to use the data.


Used in TCP/IP to allow different applications to communicate on a TCP/IP connection.

Post Office Protocol 3 (POP3)

An Internet e-mail protocol.


Actions someone is allowed to take while using the system.


Unit of work used to keep track of one or more threads of operation. How programs get things done on a computer system.


Language used for computers to speak to each other.

Protocol isolation

Using a different protocol to “isolate” part of the network and keep intruders out.

Proxy server

Server that makes requests to the Internet for you and relays that information back to you when it is fulfilled.

Public and Private keys

Tools for encrypting and decrypting data that allow use and distribution in reasonably public mediums because they use a matched pair of keys, private (not shared) and public (shared). You can’t derive the private key by having the public key, but you can decrypt messages that were encoded with that private key.

RAM memory

Space used by a computer to do calculations and data handling.


Storehouse of information. Can hold all kinds of data and is used most often to store operating system and application configuration data, setup and uninstall data, and various bits of security data. See Chapter 3.

Relative security

The idea that all security is a measure of risk and security is never perfect but rather can be tight enough for the stated purpose.

Remote Procedure Calls (RPC)

Mechanism by which computer systems talk to each other or internally to get computing tasks done.

Replaceable data

Data stored on a CD or other relatively permanent medium and that can be replaced by reinstalling or copying it back to the hard drive of your computer.

Request for Comment (RFC)

System of proposals and comments that often results in the open standards used by the Internet.


What might happen.


Group of privileges and/or access that defines how a user is allowed to use the system.

Role-Based Access Model

Security model in which your access is granted by the role(s) you have on this computer.


One of the primary mechanisms used to that ensure network communication gets to its intended recipient.

Scheduling priority

List of important tasks the computer uses to balance which applications and OS functions get CPU time.

Script kiddie

Novice at computer hacking; uses tools built by talented programmers to crack computer systems.

Secure channel

Protected connection between two systems; allows sensitive data to be exchanged.

Secured Sockets Layer (SSL)

Encrypted channel between your client browser and a Web server. Protects data sent through this connection.

Security audits

Auditing and logging to get a clear picture of what is going on in the computer.

Security in-Depth

Using more than one layer of security to ensure that an exposure doesn’t occur, even if one layer fails.


Physical system with server versions of software installed on it—in particular, Windows NT or Windows 2000 Server software.

Service pack

Release of fixes and sometimes features for upgrading an operating system without being a full OS release.


Puts a block of encrypted text on a document as a signature.

Simple Mail Transfer Protocol (SMTP)

Mail transfer protocol used on the Internet.

Simple Network Management Protocol (SNMP)

Network management protocol used in large networks to monitor servers and availability.

Social engineering

The act of talking one’s way into a desired result. Also called a “con” or “grift.” See Chapter 8.


See [Unsolicited commercial e-mail]

Person or program trying to send or relay unwanted e-mail messages through or to your system.

Stealth, stealthy

Conscious effort to hide oneself from detection.


Parts of the operating system that allow it to operate.

Symbolic link

Link internal to the operating system that allows the system to reference objects.

System-Defined ACL (SACL)

Access control list assigned by the operating system to protect sensitive parts of the operating system from users.

TCP/IP filtering

Determining what traffic should and should not be allowed through and on your network.


Microsoft tool that contains vast amounts of technical data about Microsoft products, troubleshooting, and maintenance.


Application for connecting to remote systems and performing tasks.


Basic unit of work for programming Windows. (Details are beyond the scope of this book.)

Tiger team

Group of professional hackers hired by a corporation to test security by attempting to break into the corporation’s systems.

Token object

Contains all of your rights and permissions when you log on to Windows NT or 2000 successfully.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Dominant networking protocol used for the Internet and networking.

Traverse checking

Process in the OS by which access can be checked at every directory to determine if access should be allowed.

Trojan horse

Code that appears to be safe to run but actually contains damaging software or makes your system vulnerable to back doors or hacks.

Unsolicited commercial e-mail (UCE)

E-mail sent to you from someone you do not know. Usually attempts to sell you something. Many UCE mailings have been traced back to scams. Also called “spam.”

User rights and privileges

Actions and access that you have on a given system.


Microsoft scripting language used on the Web.

Virtual memory

Space on the hard drive for storing RAM data temporarily while the RAM space is needed for other tasks.


Self-replicating, stealthy computer program that performs some actions (typically malicious) on your computer when it is run.

Windows resource kit

Tools and utilities released by Microsoft that assist in administering their Windows products.

Windows Scripting Host (WSH)

Application that allows various scripting languages to be used on Windows systems.


Group of computers on the same network that can share data, printers, and such with each other.

World Wide Web

A protocol (HTTP) and a series of interconnected computers (Internet Web servers) working together to provide you with a way to navigate through them all.

World Wide Web Consortium (W3C)

People and companies that write most of the standards for the World Wide Web and HTTP.


Self-replicating program that moves through networked computers on its own, with little or no interaction from the user.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint